Reports & Testimonies

GAO’s recommendations database contains report recommendations that still need to be addressed.

GAO’s recommendations help congressional and agency leaders prepare for appropriations
and oversight activities, as well as help improve government operations. Recommendations
remain open until they are designated as Closed-implemented or Closed-not implemented.
You can explore open recommendations by searching or browsing.

GAO's priority recommendations are those that we believe warrant priority attention. We sent
letters to the heads of key departments and agencies, urging them to continue focusing
on these issues. These recommendations are labeled as such. You can find priority recommendations
by searching or browsing our open recommendations below, or through our mobile app.

Recommendation: To provide increased oversight of AOC and to keep the Architect and the Congress fully and currently informed, the AOC OIG should revise and implement policies and procedures to provide audit reports that are based on planning that includes an assessment of risk and the assignment of priorities, consistent with requirements in CIGIE's Quality Standards for Federal Offices of Inspector General.

Agency: Architect of the CapitolStatus: Open

Comments: The AOC OIG has met the intent of GAO recommendation related to "revising" policies and procedures. We have verified that AOC OIG's policies (dated February 2017) have been revised and now require an assessment of risk and the assignment of priorities, consistent with requirements in CIGIE's Quality Standards for Federal Offices of Inspector General. However, we do not believe AOC OIG has met the intent of GAO recommendation related to "implementing" policies and procedures. In June 2017, the AOC OIG informed us that it plans to complete a risk assessment in August 2017 and use the results from the risk assessment to aid in developing the AOC OIG fiscal year 2018 audit plan, which AOC OIG plans to complete by October 1, 2017. To fully implement the recommendation, we believe AOC OIG still needs to (1) complete the risk assessment and (2) show how it used the results of the risk assessment to improve the scope of what needs to be audited. We will continue to monitor AOC OIG's actions to address this recommendation.

Recommendation: To reduce the risk that fraud, waste, and abuse and criminal activities are not detected or fully addressed, the AOC OIG should (1) work with CIGIE to obtain a peer review from another federal OIG of the AOC OIG's overall investigative operations, including consideration of the OIG's reliance on investigations performed by other entities, and (2) make any needed changes in its operating procedures based on the results of the review to help ensure that investigations of AOC are conducted in accordance with CIGIE standards for investigations and AOC Inspector General Act of 1978 (IG Act) requirements.

Agency: Architect of the CapitolStatus: Open

Comments: On April 27, 2017, the OIG informed us that it has scheduled with CIGIE an external peer review of AOC investigative operations. The Federal Housing Finance Agency OIG is scheduled to perform this review in August 2017. This external review will also include assessing the AOC OIG's reliance on other OIGs and the U.S. Capitol Police to complete certain investigations. Further, AOC OIG indicated that after they receive the results of this peer review, they will make needed changes in operating procedures consistent with the GAO recommendation. We will continue to monitor AOC OIG's actions to address this recommendation.

Recommendation: To ensure that any future NNSA effort--through the OTH initiative or another process--to assess proliferation threats and the implications for DNN produces high-quality information, the NNSA Administrator should implement established methods, including literature reviews, structured interviews, and peer reviews.

Agency: Department of Energy: National Nuclear Security AdministrationStatus: Open

Comments: NNSA is in the process of revising its threat assessment process. We are currently evaluating NNSA's actions.

Recommendation: To improve transparency in the rulemaking process, provide agencies and the public with information on why regulations are considered to be significant regulatory actions, and promote consistency in the designation of rules as significant regulatory actions, the Director of the Office of Management and Budget should work with agencies to clearly communicate the reasons for designating a regulation as a significant regulatory action. Specifically, OMB should encourage agencies to clearly state in the preamble of final significant regulations the section of Executive Order 12866's definition of a significant regulatory action that applies to the regulation.

Agency: Executive Office of the President: Office of Management and BudgetStatus: Open

Comments: In a May 14, 2015 letter to the Chairman of the Senate Committee on Homeland Security and Governmental Affairs, the Director of OMB stated that nothing in the Executive Order 12866 prevents agencies from identifying the particular relevant definition of significance in rules, and that some rules do contain this information. However, OMB believes it is appropriate to leave agencies flexibility in how they comply with Executive Order 12866, since such specific procedures for including such information is not a requirement of the Executive Order itself. As of February 2017, the Office of Information and Regulatory Affairs has not taken action. We will continue to monitor this to see whether action is taken.

Recommendation: To better assess risk associated with facilities that use, process, or store chemicals of interest consistent with the NIPP and the CFATS rule, the Secretary of Homeland Security should direct the Under Secretary for National Protection and Programs Directorate (NPPD), the Assistant Secretary for NIPP's Office of Infrastructure Protection (IP), and Director of ISCD to develop a plan, with timeframes and milestones, that incorporates the results of the various efforts to fully address each of the components of risk and take associated actions where appropriate to enhance ISCD's risk assessment approach consistent with the NIPP and the CFATS rule.

Agency: Department of Homeland SecurityStatus: Open

Comments: According to Infrastructure Security Compliance Division (ISCD) officials, they completed development of an updated tiering methodology, which incorporates improvements based on recommendations from both the external peer review of the tiering methodology and a Sandia National Laboratory (Sandia) report on economic consequences, which was submitted to the Department in the first quarter of fiscal year (FY) 2015. Additionally, according to the officials, DHS continued hosting meetings of an external experts panel consisting of representatives from other Federal agencies and the chemical and oil and natural gas industries, who have met repeatedly to review and provide input on the proposed improvements to the Chemical Facility Anti-Terrorism Standards (CFATS) tiering methodology. As noted in the tiering methodology improvement plan previously provided by the Department to GAO, the ISCD is having external entities validate and verify the updated methodology before deployment. To that end, the Homeland Security Studies and Analysis Institute (HSSAI) has reviewed and provided findings and recommendations on all parts of the updated tiering engine. Additionally, Sandia has been conducting component testing of the tiering engine as it is being updated and, beginning in January 2016, Sandia will conduct end-to-end testing of the engine. Concurrent with these efforts, ISCD has been updating the Chemical Security Assessment Tool (CSAT) applications which currently support the collection of the data used by the CFATS tiering methodology (i.e., Top-Screen, Security Vulnerability Assessment). According to the officials, deployment of these new applications cannot occur until the DHS's Information Collection Request (ICR) is approved by the White House's Office of Management and Budget (OMB), which the Department anticipates submitting to OMB in the third quarter of fiscal year 2016. We will update the status of this recommendation after additional information is received from DHS. Status as of January 20, 2016.

Recommendation: To better assess risk associated with facilities that use, process, or store chemicals of interest consistent with the NIPP and the CFATS rule, the Secretary of Homeland Security should direct the Under Secretary for NPPD, the Assistant Secretary for IP, and Director of ISCD to conduct an independent peer review, after ISCD completes enhancements to its risk assessment approach, that fully validates and verifies ISCD's risk assessment approach consistent with the recommendations of the National Research Council of the National Academies.

Agency: Department of Homeland SecurityStatus: Open

Comments: According to Infrastructure Security Compliance Division (ISCD) officials, the updated CFATS risk-based tiering methodology has been developed and portions of it are undergoing independent review from both HSSAI and Sandia. An independent verification and validation of the updated tiering methodology is scheduled to be conducted by Sandia beginning in January 2016. We will update the status of this recommendation after additional information is received from DHS. Status as of January 20, 2016.